Home
last modified time | relevance | path

Searched refs:DANE (Results 1 – 25 of 40) sorted by relevance

12

/freebsd/crypto/openssl/doc/man3/
H A DSSL_CTX_dane_enable.pod9 - enable DANE TLS authentication of the remote TLS server in the local
33 These functions implement support for DANE TLSA (RFC6698 and RFC7671)
37 required for DANE support.
39 per-connection DANE support as appropriate.
40 DANE authentication is implemented in the L<X509_verify_cert(3)> function, and
49 The B<mtype> argument specifies a DANE TLSA matching type and the B<md>
59 of the DANE TLSA parameter acronyms) is mapped to C<EVP_sha256()>
64 L<SSL_connect(3)> if (and only if) you want to enable DANE for that connection.
65 (The connection must be associated with a DANE-enabled SSL context).
89 If no TLSA records are added successfully, DANE authentication is not enabled,
[all …]
H A DSSL_set1_host.pod27 via SSL_set_hostflags(). Clients that enable DANE TLSA authentication
37 is required for DANE TLSA in the presence of service name indirection
60 of scope with the RFC7671 DANE-EE(3) certificate usage, and the
61 internal check will be suppressed as appropriate when DANE is
70 applicable (as with RFC7671 DANE-EE(3)), or no trusted peername was
H A DSSL_CTX_set_ct_validation_callback.pod85 validated via DANE-TA(2) or DANE-EE(3) TLSA records which use a private X.509
88 nor to have specified server verification via DANE-TA(2) or DANE-EE(3) TLSA
H A DX509_check_host.pod139 checks may be out of scope with the DANE-EE(3) certificate usage,
141 DANE support is enabled.
H A DSSL_new.pod54 =item any DANE settings
H A DX509_STORE_CTX_get_error.pod394 =item B<X509_V_ERR_DANE_NO_MATCH: no matching DANE TLSA records>
396 DANE TLSA authentication is enabled, but no TLSA records matched the
H A DX509_VERIFY_PARAM_set_flags.pod156 with the DANE-EE(3) certificate usage, and the internal check will
157 be suppressed as appropriate when DANE verification is enabled.
/freebsd/contrib/sendmail/src/
H A Ddomain.c28 # if DANE
72 # if DANE
750 # if DANE
894 # if DANE
909 # if DANE
933 # if DANE
1069 # if DANE
1076 # if DANE
1114 # if DANE
1356 # if DANE
[all …]
H A Dtls.h49 #if DANE
238 # if DANE
284 # if DANE
H A Dsm_resolve.h49 #if DNSMAP || DANE
155 # if DANE
H A Ddeliver.c41 #if DANE
51 # if DANE
1713 # if DANE
1777 # if DANE
1958 #if DANE
2021 #if DANE
2556 #if DANE
2569 #if DANE
2623 #if DANE
2784 # if DANE
[all …]
H A Dstab.c22 #if DANE
201 #if DANE
419 #if DANE in rmexpstab()
H A Dsendmail.h44 # if _FFR_TLSA_DANE && !defined(DANE)
45 # define DANE _FFR_TLSA_DANE macro
48 # if DANE
194 # if DANE
225 # if DANE
379 #if DANE
602 #if DANE
1769 #if DANE
1806 #if DANE
1838 #if DANE
[all …]
H A Dtls.c32 # if DANE && OPENSSL_VERSION_NUMBER == 0x30200000L
33 # error OpenSSL 3.2.0 has a bug related to DANE
1815 # if DANE
1950 # if DANE
2057 # if DANE
2150 # if DANE
2162 # if DANE
2477 # if DANE
2840 # if DANE
2851 # if DANE
H A DTRACEFLAGS80 #if DANE
116 90,>99 tls.c deliver.c Simulate error for OpenSSL functions related to DANE
H A Dtlsh.c60 # if DANE
H A Ddaemon.c32 # if DANE
2137 #if DANE in makeconnection()
2146 #if DANE
2169 #if DANE
2172 #if DANE && NETINET6
2178 #if DANE
2391 #if DANE
H A Dsm_resolve.c56 # if DNSMAP || DANE
1380 # if DANE
/freebsd/crypto/openssl/test/
H A Ddanetest.in49 ## -- Anonymous and "never valid" leaf certificate DANE-EE(3) tests
201 ## -- DANE-?? chain tests --
1510 # DANE-EE(3) beats DANE-TA(2)
1559 # DANE-TA(2) depth 1 beats DANE-TA(2) depth 2
1608 # DANE-TA(2) depth 2 beats PKIX-TA(0) depth 1
1657 # DANE-TA(2) depth 2 beats PKIX-EE depth 0
1706 # DANE-TA(2) Full(0) root "from DNS":
1740 # DANE-TA(2) Full(0) intermediate "from DNS":
1760 # DANE-TA(2) SPKI(1) Full(0) intermediate "from DNS":
1780 # DANE-TA(2) SPKI(1) Full(0) root "from DNS":
[all …]
/freebsd/contrib/ldns/
H A Dconfigure.ac616 AC_ARG_ENABLE(dane, AC_HELP_STRING([--disable-dane], [Disable DANE support]))
617 AC_ARG_ENABLE(dane-verify, AC_HELP_STRING([--disable-dane-verify], [Disable DANE verify support]))
618 AC_ARG_ENABLE(dane-ta-usage, AC_HELP_STRING([--disable-dane-ta-usage], [Disable DANE-TA usage type …
643 AC_MSG_ERROR([DANE enabled, but no SSL support])
645 …AC_CHECK_FUNC(X509_check_ca, [], [AC_MSG_ERROR([OpenSSL does not support DANE: please upgrade Open…
647 AC_DEFINE_UNQUOTED([USE_DANE], [1], [Define this to enable DANE support.])
655 AC_DEFINE_UNQUOTED([USE_DANE_VERIFY], [1], [Define this to enable DANE verify support.])
663 …ane, [], [AC_MSG_ERROR([OpenSSL does not support offline DANE verification (Needed for the DANE-TA…
667 … AC_DEFINE_UNQUOTED([USE_DANE_TA_USAGE], [1], [Define this to enable DANE-TA usage type support.])
H A DREADME25 - OpenSSL >= 0.9.7f for DANE support
/freebsd/crypto/openssl/doc/man1/
H A Dopenssl-s_client.pod.in345 Enable RFC6698/RFC7671 DANE TLSA authentication and specify the
351 When DANE authentication succeeds, the diagnostic output will include
361 Use one or more times to specify the RRDATA fields of the DANE TLSA
378 DANE TLSA 2 1 1 ...ee12d2cc90180517616e8a18 matched TA certificate at depth 1
383 This disables server name checks when authenticating via DANE-EE(3) TLSA
392 DANE-EE(3) TLSA records, and can be disabled in applications where it is safe
/freebsd/contrib/ldns/ldns/
H A Dconfig.h.in415 /* Define this to enable DANE support. */
418 /* Define this to enable DANE-TA usage type support. */
421 /* Define this to enable DANE verify support. */
/freebsd/contrib/sendmail/cf/cf/
H A Dsubmit.cf552 # enable DANE?
553 #O DANE=false
1263 R$* $| DANE_NOTLS $#error $@ 4.7.0 $: "454 DANE: missing STARTTLS."
1264 R$* $| DANE_TEMP $#error $@ 4.7.0 $: "454 DANE check failed temporarily."
1265 R$* $| DANE_FAIL $#error $@ 4.7.0 $: "454 DANE check failed."
/freebsd/contrib/sendmail/cf/m4/
H A Dproto.m4217 # flag d: turn off DANE
714 # enable DANE?
715 _OPTION(DANE, `confDANE', `false')
2815 define(`DANE_MSG', `DANE check failed.')dnl
2816 define(`DANE_TEMP_MSG', `DANE check failed temporarily.')dnl
2817 define(`DANE_NOTLS_MSG', `DANE: missing STARTTLS.')dnl
2853 dnl note: this allows to disable DANE per RCPT.
2974 dnl # deal with DANE errors: abort
2978 dnl # deal with DANE tempfail: abort
3149 dnl <DANE>: enabled
[all …]

12